package com.lizhe;

import com.lizhe.realm.CustomerMd5Realm;
import com.lizhe.realm.CustomerRealm;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.Subject;

import java.util.Arrays;

/**
 * 类描述:  https://blog.csdn.net/A233666/article/details/113436604
 *
 * @author Lz on 2022-05-18
 */
public class TestCustomerMd5RealmAuthenicator {
    public static void main(String[] args) {
        DefaultSecurityManager defaultSecurityManager = new DefaultSecurityManager();

        // use 自定义realm
        //securityManager.setRealm(new IniRealm("classpath:shiro.ini"));
        CustomerMd5Realm realm = new CustomerMd5Realm();
        defaultSecurityManager.setRealm(new CustomerMd5Realm());

        // 设置realm使用hash凭证匹配器
        HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
        // 设置哈希算法名称
        credentialsMatcher.setHashAlgorithmName("md5");
        // 散列次数
        credentialsMatcher.setHashIterations(1024);
        realm.setCredentialsMatcher(credentialsMatcher);
        defaultSecurityManager.setRealm(realm);

        //将安全管理器注入安全工具
        SecurityUtils.setSecurityManager(defaultSecurityManager);

        Subject subject = SecurityUtils.getSubject();

        UsernamePasswordToken token = new UsernamePasswordToken("zhangsan", "123456");
        try {
            subject.login(token);
            System.out.println("login succeed");
        } catch (UnknownAccountException e) {
            e.printStackTrace();
            System.out.println("用户名错误");
        } catch (IncorrectCredentialsException e) {
            e.printStackTrace();
            System.out.println("密码错误！");
        }

        // 授权
        if (subject.isAuthenticated()) {
            // 基于角色权限控制
            System.out.println(subject.hasRole("admin"));

            // 基于多角色的权限控制
            System.out.println(subject.hasAllRoles(Arrays.asList("admin", "user")));
            System.out.println(subject.hasAllRoles(Arrays.asList("admin", "manager")));

            // 是否具有其中一个角色
            boolean[] booleans = subject.hasRoles(Arrays.asList("admin", "user", "manager"));
            for (boolean flag : booleans) {
                System.out.println(flag);
            }

            System.out.println("=======================");

            //基于权限字符串的访问控制  资源标识符：操作：资源类型
            // 用户具有的权限 user:*:01 product:*
            System.out.println("权限:" + subject.isPermitted("user:update:01"));
            System.out.println("权限:" + subject.isPermitted("product:update:02"));

            // 分别具有哪些权限
            boolean[] permitted = subject.isPermitted("user:*:01", "user:update:02");
            for (boolean b : permitted) {
                System.out.println(b);
            }

            //同时具有哪些权限
            boolean permittedAll = subject.isPermittedAll("prodect:*:01", "prodect:update:03");
            System.out.println(permittedAll);

        }
    }
}
